Search form

TRENDING:

DOJ: 'We have no interest in prosecuting' cyber researchers

The Justice Department is trying to assure security researchers prosecutors they have no interest in going after them.

Security firms have raised concerns about a DOJ proposal intended to make it easier to prosecute the cyber crooks behind botnets — a method of infecting networks of computers and using them to conduct cyber crime.

ADVERTISEMENT

The point of contention is the department’s recommendation to prohibit the sale or transfer of “means of access” to a botnet.

“We take this concern seriously,” Assistant Attorney General Leslie Caldwell wrote in a blog post. “We have no interest in prosecuting such individuals, and our proposal would not prohibit such legitimate activity.”

The topic came up during a Thursday House Intelligence Committee hearing.

“There are no guidelines that are accepted through the government or elsewhere that say this is how you do this,” replied Richard Bejtlich, chief security strategist at leading security firm FireEye. “We need to find ways to provide sort of a safe harbor or guidelines.”

Caldwell stressed that the proposal would put the burden on the government “to prove, beyond a reasonable doubt, that the individual intentionally undertook an act (trafficking in a means of access) that he or she knew to be wrongful.”

“The government would similarly have to prove that the individual knew or had reason to know that the means of access would be used to commit a crime by hacking someone else’s computer without authorization,” Caldwell added.

Bejtlich reminded lawmakers Thursday that security researchers are a positive force in combating cyber crime. The information they discover could be sold for great sums on the black markets.

“They’re acting altruistically in order to do their part in this conflict we have,” he said.